mirror of
https://github.com/zeek/zeek.git
synced 2025-10-05 08:08:19 +00:00
Merge remote-tracking branch 'origin/topic/seth/zeek_init'
* origin/topic/seth/zeek_init: Some more testing fixes. Update docs and tests for bro_(init|done) -> zeek_(init|done) Implement the zeek_init handler.
commit
a994be9eeb
628 changed files with 868 additions and 1082 deletions
|
@ -6,7 +6,7 @@
|
|||
|
||||
redef Analyzer::disabled_analyzers += { Analyzer::ANALYZER_SSH };
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Analyzer::disable_analyzer(Analyzer::ANALYZER_DNS);
|
||||
}
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
|
||||
redef Analyzer::disable_all = T;
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Analyzer::enable_analyzer(Analyzer::ANALYZER_DNS);
|
||||
}
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
# @TEST-EXEC: bro -r ${TRACES}/ssh/ssh-on-port-80.trace dpd_buffer_size=0;
|
||||
# @TEST-EXEC: cat conn.log | bro-cut service | grep -vq ssh
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Analyzer::register_for_port(Analyzer::ANALYZER_SSH, 80/tcp);
|
||||
}
|
||||
|
|
|
@ -36,7 +36,7 @@ redef Cluster::proxy_pool_spec =
|
|||
$max_nodes = 1
|
||||
);
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
my_pool = Cluster::register_pool(my_pool_spec);
|
||||
}
|
||||
|
|
|
@ -36,7 +36,7 @@ redef Cluster::proxy_pool_spec =
|
|||
$max_nodes = 1
|
||||
);
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
my_pool = Cluster::register_pool(my_pool_spec);
|
||||
}
|
||||
|
|
|
@ -67,7 +67,7 @@ event fully_connected()
|
|||
}
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Broker::auto_publish(Cluster::manager_topic, fully_connected);
|
||||
|
||||
|
|
|
@ -32,7 +32,7 @@ type Info: record {
|
|||
num: count &log;
|
||||
};
|
||||
|
||||
event bro_init() &priority=5
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(Test::LOG, [$columns=Info, $path="test"]);
|
||||
}
|
||||
|
|
|
@ -55,7 +55,7 @@ event fully_connected(n: string)
|
|||
}
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Broker::auto_publish(Cluster::logger_topic, fully_connected);
|
||||
}
|
||||
|
|
|
@ -47,7 +47,7 @@ event fully_connected()
|
|||
}
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Broker::auto_publish(Cluster::manager_topic, fully_connected);
|
||||
}
|
||||
|
|
|
@ -39,7 +39,7 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
|
|||
|
||||
global ready_for_data: event();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Broker::auto_publish(Cluster::worker_topic, ready_for_data);
|
||||
}
|
||||
|
@ -64,7 +64,7 @@ function option_changed(ID: string, new_value: any, location: string): any
|
|||
return new_value;
|
||||
}
|
||||
|
||||
event bro_init() &priority=5
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Option::set_change_handler("testport", option_changed, -100);
|
||||
Option::set_change_handler("teststring", option_changed, -100);
|
||||
|
|
|
@ -44,7 +44,7 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
|
|||
|
||||
global ready_for_data: event();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Broker::auto_publish(Cluster::worker_topic, ready_for_data);
|
||||
}
|
||||
|
@ -84,7 +84,7 @@ function option_changed(ID: string, new_value: any, location: string): any
|
|||
return new_value;
|
||||
}
|
||||
|
||||
event bro_init() &priority=5
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Option::set_change_handler("testport", option_changed, -100);
|
||||
Option::set_change_handler("teststring", option_changed, -100);
|
||||
|
|
|
@ -51,7 +51,7 @@ event Input::end_of_data(name: string, source:string)
|
|||
terminate();
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Config::read_config("../configfile");
|
||||
}
|
||||
|
|
|
@ -59,7 +59,7 @@ export {
|
|||
option test_vector: vector of count = {};
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Config::read_config("../configfile");
|
||||
}
|
||||
|
@ -75,7 +75,7 @@ function option_changed(ID: string, new_value: any, location: string): any
|
|||
return new_value;
|
||||
}
|
||||
|
||||
event bro_init() &priority=5
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Option::set_change_handler("testport", option_changed, -100);
|
||||
Option::set_change_handler("teststring", option_changed, -100);
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
# @TEST-EXEC: btest-diff output
|
||||
# @TEST-EXEC: btest-diff config.log
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Config::set_value("Weird::sampling_duration", 5sec);
|
||||
Config::set_value("Weird::sampling_threshold", 10);
|
||||
|
@ -11,7 +11,7 @@ event bro_init()
|
|||
print "Config values set";
|
||||
}
|
||||
|
||||
event bro_init() &priority = -10
|
||||
event zeek_init() &priority = -10
|
||||
{
|
||||
print Reporter::get_weird_sampling_whitelist();
|
||||
print Reporter::get_weird_sampling_rate();
|
||||
|
|
|
@ -11,16 +11,16 @@ const test_var = "ORIGINAL VALUE (this should be printed out first)" &redef;
|
|||
redef test_var = "NEW VALUE (this should be printed out second)";
|
||||
@TEST-END-FILE
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
print test_var;
|
||||
Reporter::info("handle bro_init");
|
||||
Reporter::info("handle zeek_init");
|
||||
}
|
||||
|
||||
event bro_done()
|
||||
event zeek_done()
|
||||
{
|
||||
print test_var;
|
||||
Reporter::info("handle bro_done");
|
||||
Reporter::info("handle zeek_done");
|
||||
}
|
||||
|
||||
event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
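Review bot: The `Reporter::info` strings in both handlers change together with the event names in this hunk (`"handle zeek_init"`, `"handle zeek_done"`), so any baseline this test compares reporter output against has to be regenerated in the same commit. That baseline is not among the files shown on this page, so it is worth confirming. After this hunk the test covers only the new names, and nothing visible here still defines `bro_init` or `bro_done`. If the old events are meant to keep firing for existing site scripts, I would keep one small test that still uses the legacy handlers, because a startup handler that silently stops running also stops whatever analyzer, logging or intel setup it performed.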
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/http/get.trace %INPUT 2>&1
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
print "This should fail but not crash";
|
||||
print Files::lookup_file("asdf");
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/http/get.trace %INPUT
|
||||
# @TEST-EXEC: btest-diff files.log
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Files::register_for_mime_type(Files::ANALYZER_MD5, "text/plain");
|
||||
};
|
||||
|
|
|
@ -18,7 +18,7 @@ redef test_get_file_name = function(f: fa_file): string
|
|||
T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY 4242
|
||||
@TEST-END-FILE
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
local source: string = "../input.log";
|
||||
Input::add_analysis([$source=source, $reader=Input::READER_BINARY,
|
||||
|
|
|
@ -47,7 +47,7 @@ type Val: record {
|
|||
|
||||
global servers: table[int] of Val = table();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
# first read in the old stuff into the table...
|
||||
|
|
|
@ -26,7 +26,7 @@ type Val: record {
|
|||
|
||||
global servers: table[int] of Val = table();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
# first read in the old stuff into the table...
|
||||
|
|
|
@ -45,7 +45,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, a: string, b
|
|||
}
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
try = 0;
|
||||
outfile = open("../out");
|
||||
|
|
|
@ -67,7 +67,7 @@ event Input::end_of_data(name: string, source:string)
|
|||
terminate();
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
Input::add_table([$reader=Input::READER_CONFIG, $source="../configfile", $name="configuration", $idx=Idx, $val=Val, $destination=currconfig, $want_record=F]);
|
||||
|
|
|
@ -58,7 +58,7 @@ event Input::end_of_data(name: string, source:string)
|
|||
terminate();
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
Input::add_table([$reader=Input::READER_CONFIG, $source="../configfile", $name="configuration", $idx=Idx, $val=Val, $destination=currconfig, $want_record=F]);
|
||||
|
|
|
@ -51,7 +51,7 @@ event Input::end_of_data(name: string, source:string)
|
|||
terminate();
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
Input::add_table([$reader=Input::READER_CONFIG, $source="../configfile", $name="configuration", $idx=Idx, $val=Val, $destination=currconfig, $want_record=F]);
|
||||
|
|
|
@ -33,7 +33,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, val: Val)
|
|||
print outfile, val;
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
Input::add_event([$source="../input.log", $name="input", $fields=Val, $ev=line, $want_record=T]);
|
||||
|
|
|
@ -52,7 +52,7 @@ event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, r
|
|||
print outfile, right;
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
try = 0;
|
||||
|
|
|
@ -29,7 +29,7 @@ type Val: record {
|
|||
|
||||
global servers: table[int] of Val = table();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
# first read in the old stuff into the table...
|
||||
|
|
|
@ -148,7 +148,7 @@ event kill_me()
|
|||
terminate();
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("out");
|
||||
Input::add_event([$source="input.log", $name="file", $fields=FileVal, $ev=line_file, $want_record=T]);
|
||||
|
|
|
@ -35,7 +35,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, i: int, b: b
|
|||
print outfile, b;
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
Input::add_event([$source="../input.log", $name="input", $fields=Val, $ev=line, $want_record=F]);
|
||||
|
|
|
@ -50,7 +50,7 @@ type Val: record {
|
|||
global servers: table[int] of Val = table();
|
||||
global servers2: table[int] of Val = table();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
# first read in the old stuff into the table...
|
||||
|
|
|
@ -30,7 +30,7 @@ type Val: record {
|
|||
|
||||
global servers: table[int] of Val = table();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
# first read in the old stuff into the table...
|
||||
|
|
|
@ -45,7 +45,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, v: Val)
|
|||
print outfile, "Event", v;
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
# first read in the old stuff into the table...
|
||||
|
|
|
@ -46,7 +46,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, v: Val)
|
|||
print outfile, "Event", v;
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
# first read in the old stuff into the table...
|
||||
|
|
|
@ -22,7 +22,7 @@ type Val: record {
|
|||
|
||||
global etable: table[int] of Log::ID = table();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
# first read in the old stuff into the table...
|
||||
Input::add_table([$source="../input.log", $name="enum", $idx=Idx, $val=Val, $destination=etable, $want_record=F]);
|
||||
|
|
|
@ -50,7 +50,7 @@ event line2(description: Input::EventDescription, tpe: Input::Event, v: Val)
|
|||
}
|
||||
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Input::add_event([$source="../does-not-exist.dat", $name="input", $reader=Input::READER_ASCII, $mode=Input::REREAD, $fields=Val, $ev=line, $want_record=T]);
|
||||
Input::add_event([$source="../does-not-exist.dat", $name="inputstream", $reader=Input::READER_ASCII, $mode=Input::STREAM, $fields=Val, $ev=line, $want_record=T]);
|
||||
|
|
|
@ -19,7 +19,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, i: int, b: b
|
|||
{
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
try = 0;
|
||||
outfile = open("../out");
|
||||
|
|
|
@ -28,7 +28,7 @@ type Val: record {
|
|||
|
||||
global servers: table[int] of bool = table();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers, $want_record=F]);
|
||||
|
|
|
@ -28,7 +28,7 @@ type Val: record {
|
|||
|
||||
global servers: table[int] of Val = table();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
Input::add_table([$name="input", $source="../input.log", $idx=Idx, $val=Val, $destination=servers]);
|
||||
|
|
|
@ -35,7 +35,7 @@ type Val: record {
|
|||
|
||||
global servers: table[int] of Val = table();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
# first read in the old stuff into the table...
|
||||
|
|
|
@ -22,7 +22,7 @@
|
|||
@load path-prefix-common-table.zeek
|
||||
redef InputAscii::path_prefix = "@path_prefix@";
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Input::add_table([$source="input.data", $name="input", $idx=Idx, $val=Val,
|
||||
$destination=destination, $want_record=F]);
|
||||
|
@ -35,7 +35,7 @@ event bro_init()
|
|||
@load path-prefix-common-event.zeek
|
||||
redef InputAscii::path_prefix = "@path_prefix@";
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Input::add_event([$source="input.data", $name="input",
|
||||
$fields=Val, $ev=inputev]);
|
||||
|
@ -48,7 +48,7 @@ event bro_init()
|
|||
@load path-prefix-common-analysis.zeek
|
||||
redef InputBinary::path_prefix = "@path_prefix@";
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Input::add_analysis([$source="input.data", $name="input"]);
|
||||
}
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
@load path-prefix-common-table.zeek
|
||||
redef InputAscii::path_prefix = "/this/does/not/exist";
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Input::add_table([$source="@path_prefix@/input.data", $name="input", $idx=Idx, $val=Val,
|
||||
$destination=destination, $want_record=F]);
|
||||
|
@ -29,7 +29,7 @@ event bro_init()
|
|||
@load path-prefix-common-event.zeek
|
||||
redef InputAscii::path_prefix = "/this/does/not/exist";
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Input::add_event([$source="@path_prefix@/input.data", $name="input",
|
||||
$fields=Val, $ev=inputev]);
|
||||
|
@ -42,7 +42,7 @@ event bro_init()
|
|||
@load path-prefix-common-analysis.zeek
|
||||
redef InputBinary::path_prefix = "/this/does/not/exist";
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Input::add_analysis([$source="@path_prefix@/input.data", $name="input"]);
|
||||
}
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
|
||||
@load path-prefix-common-table.zeek
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Input::add_table([$source="input.data", $name="input", $idx=Idx, $val=Val,
|
||||
$destination=destination, $want_record=F]);
|
||||
|
@ -25,7 +25,7 @@ event bro_init()
|
|||
|
||||
@load path-prefix-common-event.zeek
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Input::add_event([$source="input.data", $name="input",
|
||||
$fields=Val, $ev=inputev]);
|
||||
|
@ -37,7 +37,7 @@ event bro_init()
|
|||
|
||||
@load path-prefix-common-analysis.zeek
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Input::add_analysis([$source="input.data", $name="input"]);
|
||||
}
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
@load path-prefix-common-table.zeek
|
||||
redef InputAscii::path_prefix = "alternative";
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Input::add_table([$source="input.data", $name="input", $idx=Idx, $val=Val,
|
||||
$destination=destination, $want_record=F]);
|
||||
|
@ -29,7 +29,7 @@ event bro_init()
|
|||
@load path-prefix-common-event.zeek
|
||||
redef InputAscii::path_prefix = "alternative";
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Input::add_event([$source="input.data", $name="input",
|
||||
$fields=Val, $ev=inputev]);
|
||||
|
@ -42,7 +42,7 @@ event bro_init()
|
|||
@load path-prefix-common-analysis.zeek
|
||||
redef InputBinary::path_prefix = "alternative";
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Input::add_analysis([$source="input.data", $name="input"]);
|
||||
}
|
||||
|
|
|
@ -32,7 +32,7 @@ event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, r
|
|||
print left, right;
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $ev=line, $destination=servers]);
|
||||
}
|
||||
|
|
|
@ -27,7 +27,7 @@ type Val: record {
|
|||
|
||||
global servers: table[addr] of Val = table();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
Input::add_table([$source="../input.log", $name="input", $idx=Idx, $val=Val, $destination=servers]);
|
||||
|
|
|
@ -64,7 +64,7 @@ event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, r
|
|||
terminate();
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
ct = 0;
|
||||
|
|
|
@ -34,7 +34,7 @@ type Val: record {
|
|||
|
||||
global servers: table[int] of bool = table();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
# first read in the old stuff into the table...
|
||||
|
|
|
@ -31,7 +31,7 @@ type Val: record {
|
|||
|
||||
global servers: table[int, string] of Val = table();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
|
||||
|
|
|
@ -75,7 +75,7 @@ global servers: table[int, string] of Val = table();
|
|||
global outfile: file;
|
||||
global try: count;
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
try = 0;
|
||||
outfile = open("../out");
|
||||
|
|
|
@ -35,7 +35,7 @@ type Val: record {
|
|||
|
||||
global servers: table[addr] of Val = table();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
# first read in the old stuff into the table...
|
||||
|
|
|
@ -38,7 +38,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, s: string)
|
|||
}
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
try = 0;
|
||||
outfile = open("../out");
|
||||
|
|
|
@ -32,7 +32,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, s: string)
|
|||
terminate();
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out.tmp");
|
||||
Input::add_event([$source="wc -l ../input.log |", $reader=Input::READER_RAW, $name="input", $fields=Val, $ev=line, $want_record=F]);
|
||||
|
|
|
@ -72,7 +72,7 @@ function more_input(name_prefix: string)
|
|||
$config=config_strings]);
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
++total_processes;
|
||||
|
|
|
@ -56,7 +56,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, s: string)
|
|||
}
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
try = 0;
|
||||
|
|
|
@ -29,7 +29,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, s: string)
|
|||
}
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
try = 0;
|
||||
outfile = open("../out");
|
||||
|
|
|
@ -33,7 +33,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, s: string)
|
|||
}
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
try = 0;
|
||||
outfile = open("../out");
|
||||
|
|
|
@ -38,7 +38,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, s: string)
|
|||
}
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
try = 0;
|
||||
outfile = open("../out");
|
||||
|
|
|
@ -54,7 +54,7 @@ event InputRaw::process_finished(name: string, source:string, exit_code:count, s
|
|||
terminate();
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
local config_strings: table[string] of string = {
|
||||
["read_stderr"] = "1"
|
||||
|
|
|
@ -56,7 +56,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, s: string)
|
|||
}
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
try = 0;
|
||||
|
|
|
@ -31,7 +31,7 @@ global destination: table[int] of bool = table();
|
|||
|
||||
const one_to_32: vector of count = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32};
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
try = 0;
|
||||
outfile = open("../out");
|
||||
|
|
|
@ -103,7 +103,7 @@ event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, r
|
|||
print outfile, right;
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
try = 0;
|
||||
|
|
|
@ -27,7 +27,7 @@ type Idx: record {
|
|||
|
||||
global servers: set[addr] = set();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
# first read in the old stuff into the table...
|
||||
|
|
|
@ -27,7 +27,7 @@ type Val: record {
|
|||
|
||||
global servers: table[int] of Val = table();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
# first read in the old stuff into the table...
|
||||
|
|
|
@ -31,7 +31,7 @@ type Val: record {
|
|||
|
||||
global servers: table[int] of Val = table();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
# first read in the old stuff into the table...
|
||||
|
|
|
@ -86,7 +86,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, r: Conn::Inf
|
|||
print outfile, |r$tunnel_parents|; # to make sure I got empty right
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
local config_strings: table[string] of string = {
|
||||
["query"] = "select * from conn;",
|
||||
|
|
|
@ -79,7 +79,7 @@ event term_me()
|
|||
terminate();
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
local config_strings: table[string] of string = {
|
||||
["query"] = "select * from ssh;",
|
||||
|
|
|
@ -35,7 +35,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, p: port)
|
|||
print outfile, p;
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
local config_strings: table[string] of string = {
|
||||
["query"] = "select port as p, proto from port;",
|
||||
|
|
|
@ -73,7 +73,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, p: SSH::Log)
|
|||
print outfile, |p$vs|;
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
local config_strings: table[string] of string = {
|
||||
["query"] = "select * from ssh;",
|
||||
|
|
|
@ -80,7 +80,7 @@ event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, r
|
|||
}
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
try = 0;
|
||||
|
|
|
@ -64,7 +64,7 @@ event line(description: Input::EventDescription, tpe: Input::Event, value: Val)
|
|||
}
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
try = 0;
|
||||
outfile = open("../out");
|
||||
|
|
|
@ -51,7 +51,7 @@ type Val: record {
|
|||
|
||||
global servers: table[int] of Val = table();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
# first read in the old stuff into the table...
|
||||
|
|
|
@ -47,7 +47,7 @@ event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, r
|
|||
}
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
try = 0;
|
||||
outfile = open("../out");
|
||||
|
|
|
@ -81,7 +81,7 @@ event line(description: Input::TableDescription, tpe: Input::Event, left: Idx, r
|
|||
# print event_out, right;
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
event_out = open ("../event.out");
|
||||
pred1_out = open ("../pred1.out");
|
||||
|
|
|
@ -45,7 +45,7 @@ type Val: record {
|
|||
|
||||
global servers: table[int] of Val = table();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
# first read in the old stuff into the table...
|
||||
|
|
|
@ -7,11 +7,11 @@
|
|||
redef exit_only_after_terminate = T;
|
||||
|
||||
@TEST-START-FILE input.log
|
||||
#separator \x09
|
||||
#path ssh
|
||||
#fields b i e c p sn a d t iv s sc ss se vc ve ns
|
||||
#types bool int enum count port subnet addr double time interval string table table table vector vector string
|
||||
T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY 4242
|
||||
#separator \x09
|
||||
#path ssh
|
||||
#fields b i e c p sn a d t iv s sc ss se vc ve ns
|
||||
#types bool int enum count port subnet addr double time interval string table table table vector vector string
|
||||
T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY 4242
|
||||
@TEST-END-FILE
|
||||
|
||||
@load base/protocols/ssh
|
||||
|
@ -47,7 +47,7 @@ type Val: record {
|
|||
|
||||
global servers: table[int] of Val = table();
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
outfile = open("../out");
|
||||
# first read in the old stuff into the table...
|
||||
|
|
|
@ -61,7 +61,7 @@ hook Intel::item_expired(indicator: string, indicator_type: Intel::Type,
|
|||
print fmt("Expired: %s", indicator);
|
||||
}
|
||||
|
||||
event bro_init() &priority=-10
|
||||
event zeek_init() &priority=-10
|
||||
{
|
||||
schedule 1.5sec { do_it() };
|
||||
}
|
||||
|
|
|
@ -37,7 +37,7 @@ event Intel::log_intel(rec: Intel::Info)
|
|||
terminate();
|
||||
}
|
||||
|
||||
event bro_init() &priority=-10
|
||||
event zeek_init() &priority=-10
|
||||
{
|
||||
schedule 1sec { do_it() };
|
||||
}
|
||||
|
|
|
@ -32,7 +32,7 @@ event Intel::log_intel(rec: Intel::Info)
|
|||
terminate();
|
||||
}
|
||||
|
||||
event bro_init() &priority=-10
|
||||
event zeek_init() &priority=-10
|
||||
{
|
||||
schedule 1sec { do_it() };
|
||||
}
|
||||
|
|
|
@ -29,7 +29,7 @@ event do_it()
|
|||
$where=SOMEWHERE]);
|
||||
}
|
||||
|
||||
event bro_init() &priority=-10
|
||||
event zeek_init() &priority=-10
|
||||
{
|
||||
schedule 1sec { do_it() };
|
||||
}
|
||||
|
|
|
@ -45,7 +45,7 @@ event do_it()
|
|||
Intel::seen([$indicator="e@mail.com", $indicator_type=Intel::EMAIL, $where=Intel::IN_A_TEST]);
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
# Delay the workers searching for hits briefly to allow for the data distribution
|
||||
# mechanism to distribute the data to the workers.
|
||||
|
|
|
@ -25,7 +25,7 @@ event do_it()
|
|||
terminate();
|
||||
}
|
||||
|
||||
event bro_init() &priority=-10
|
||||
event zeek_init() &priority=-10
|
||||
{
|
||||
schedule 1sec { do_it() };
|
||||
}
|
||||
|
|
|
@ -19,7 +19,7 @@ export {
|
|||
} &log;
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Log::create_stream(SSH::LOG, [$columns=Info]);
|
||||
|
||||
|
|
|
@ -15,7 +15,7 @@ export {
|
|||
|
||||
redef LogAscii::separator = "|";
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Log::create_stream(SSH::LOG, [$columns=Info]);
|
||||
Log::write(SSH::LOG, [$data="abc\n\xffdef", $data2="DATA2"]);
|
||||
|
|
|
@ -23,7 +23,7 @@ function logwrite(val: double)
|
|||
Log::write(Test::LOG, [$d=val]);
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
local d: double;
|
||||
local dmax: double = 1.79e308;
|
||||
|
|
|
@ -23,7 +23,7 @@ export {
|
|||
} &log;
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Log::create_stream(SSH::LOG, [$columns=Log]);
|
||||
|
||||
|
|
|
@ -12,7 +12,7 @@ export {
|
|||
} &log;
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
local a = "abc\0def";
|
||||
local b = escape_string(a);
|
||||
|
|
|
@ -14,7 +14,7 @@ export {
|
|||
} &log;
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Log::create_stream(test::LOG, [$columns=Log]);
|
||||
|
||||
|
|
|
@ -14,7 +14,7 @@ export {
|
|||
} &log;
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Log::create_stream(Test::LOG, [$columns=Log]);
|
||||
Log::write(Test::LOG, [$x=LogAscii::unset_field, $z=""]);
|
||||
|
|
|
@ -11,7 +11,7 @@ export {
|
|||
} &log;
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Log::create_stream(Test::LOG, [$columns=Log]);
|
||||
|
||||
|
|
|
@ -18,7 +18,7 @@ export {
|
|||
} &log;
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Log::create_stream(SSH::LOG, [$columns=Log]);
|
||||
|
||||
|
|
|
@ -17,7 +17,7 @@ export {
|
|||
redef Log::default_rotation_interval = 1hr;
|
||||
redef LogAscii::gzip_level = 1;
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Log::create_stream(Test::LOG, [$columns=Log]);
|
||||
|
||||
|
|
|
@ -42,7 +42,7 @@ function foo(i : count) : string
|
|||
return "Bar";
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Log::create_stream(SSH::LOG, [$columns=Log]);
|
||||
local filter = Log::Filter($name="ssh-uncompressed", $path="ssh-uncompressed",
|
||||
|
|
|
@ -17,7 +17,7 @@ export {
|
|||
} &log;
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Log::create_stream(SSH::LOG, [$columns=Log]);
|
||||
Log::write(SSH::LOG, [
|
||||
|
|
|
@ -17,7 +17,7 @@ export {
|
|||
global log_test: event(rec: Info);
|
||||
}
|
||||
|
||||
event bro_init() &priority=5
|
||||
event zeek_init() &priority=5
|
||||
{
|
||||
Log::create_stream(testing::LOG, [$columns=testing::Info, $ev=log_test]);
|
||||
local info: Info;
|
||||
|
|
|
@ -40,7 +40,7 @@ function foo(i : count) : string
|
|||
return "Bar";
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Log::create_stream(SSH::LOG, [$columns=Log]);
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ export {
|
|||
};
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Log::create_stream(Test::LOG, [$columns=Info]);
|
||||
Log::write(Test::LOG, [$data="Test1"]);
|
||||
|
|
|
@ -19,7 +19,7 @@ export {
|
|||
} &log;
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Log::create_stream(SSH::LOG, [$columns=Log]);
|
||||
|
||||
|
|
|
@ -12,7 +12,7 @@ export {
|
|||
};
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Log::create_stream(Test::LOG, [$columns=Info]);
|
||||
Log::write(Test::LOG, [$data=double_to_time(1234567890)]);
|
||||
|
|
|
@ -17,7 +17,7 @@ export {
|
|||
} &log;
|
||||
}
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Log::create_stream(SSH::LOG, [$columns=Log]);
|
||||
|
||||
|
|
|
@ -26,7 +26,7 @@ redef record Log += {
|
|||
} &log;
|
||||
|
||||
|
||||
event bro_init()
|
||||
event zeek_init()
|
||||
{
|
||||
Log::create_stream(SSH::LOG, [$columns=Log]);
|
||||
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more